Known infectious source - website with Trj/Genetic.gen aka Win32:Adware-gen [Adw

See: https://www.virustotal.com/nl/url/1f2e4c802665b3acd3e4542600aa9881b6014f9b8e3bb60bcec3cca34f1e8732/analysis/1428233406/
Infested with malware: http://yandex.com/infected?l10n=en&url=zhushou.52lishi.com
Unable to properly scan your site. Site returning error (40x): HTTP/1.1 403 Forbidden
ESET Reputation Warning.
Malware detected: http://urlquery.net/report.php?id=1428089939677 &
http://cymon.io/218.75.155.41
Re: http://www.scumware.org/report/6F74B10F0B26D97F520D79AD43FC5A96.html
Avast detects Win32:Adware-gen [Adw].-> http://support.clean-mx.de/clean-mx/viruses.php?review=218.75.155.41&sort=id%20desc (all malware up and alive!)

polonus

Unable to properly scan your site. Site returning error (40x): HTTP/1.1 403 Forbidden
That often means the site is down ..... did you check?

www.downforeveryoneorjustme.com/http://zhushou.52lishi.com/wanyxbd_46290.exe

Hi Pondus,

It is also blocked by the uBlock filter for me - but the server is not down.


HTTP/1.1 403 Forbidden
Server: nginx/1.7.6
Date: Sun, 05 Apr 2015 11:28:56 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 168
Connection: close
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx/1.7.6</center>
</body>
</html>

No Allow or Public header in OPTIONS response (status code 403)
This means there is no default document set, like for instance index.html.

Here you get:

 Expires: Sun, 05 Apr 2015 12:08:47 GMT
X-Squid-Error: ERR_ACCESS_DENIED 0
X-Cache: MISS from pconline-dl-ngx1-vm238-153.pconline.ctc
X-Cache-Lookup: NONE from pconline-dl-ngx1-vm238-153.pconline.ctc:80
Via: 1.0 pconline-dl-ngx1-vm238-153.pconline.ctc:80 (squid/2.6.STABLE20) 

So in fact it could be considered down.

polonus
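The point the thread turns on is that a 403 is not the same as a dead host: a reply with `Server: nginx` comes from a live origin, while a reply carrying `X-Squid-Error` was generated by an intermediary proxy. As an added example (not code from the thread or from any of the posters), here is a small classifier for raw HTTP responses. The two sample responses are constructed from the headers quoted above; the status line of the Squid reply, the `Optional[str]` convention for "no bytes received", and the classification rules are assumptions.

```python
"""Classify a raw HTTP response: host down, proxy denial, origin denial, or served.

Added example, not from the forum thread. Sample responses are constructed
from the headers the posters quoted; the rules below are an assumption.
"""
from typing import Dict, Optional, Tuple

# Constructed from the nginx reply quoted in the thread.
NGINX_403 = (
    "HTTP/1.1 403 Forbidden\r\nServer: nginx/1.7.6\r\n"
    "Date: Sun, 05 Apr 2015 11:28:56 GMT\r\nContent-Type: text/html; charset=gb2312\r\n"
    "Content-Length: 168\r\nConnection: close\r\n\r\n<html>...</html>"
)
# Constructed from the Squid headers quoted in the thread (status line assumed).
SQUID_403 = (
    "HTTP/1.1 403 Forbidden\r\nExpires: Sun, 05 Apr 2015 12:08:47 GMT\r\n"
    "X-Squid-Error: ERR_ACCESS_DENIED 0\r\n"
    "X-Cache: MISS from pconline-dl-ngx1-vm238-153.pconline.ctc\r\n"
    "Via: 1.0 pconline-dl-ngx1-vm238-153.pconline.ctc:80 (squid/2.6.STABLE20)\r\n\r\n"
)


def parse_response(raw: str) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP/1.x response into (status_code, lower-cased header dict)."""
    sep = "\r\n\r\n" if "\r\n\r\n" in raw else "\n\n"
    head = raw.split(sep, 1)[0]
    lines = head.splitlines()
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"not an HTTP status line: {lines[0]!r}")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def classify(raw: Optional[str]) -> str:
    """'down' if nothing came back; otherwise who refused, or 'served'."""
    if raw is None:               # no bytes at all: connection failed or timed out
        return "down"
    status, h = parse_response(raw)
    if "x-squid-error" in h:      # Squid built this error page itself; origin unproven
        return "proxy-denied"
    if status in (401, 403):      # an origin server answered and refused the request
        return "origin-denied"
    return "served"
```

A scanner that reports "site returning 403" has therefore proven the host reachable, not dead; only the `down` verdict supports that conclusion.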